This disclosure relates generally to computing systems that protect against security threats, and more specifically to protecting against service overload attacks, such as application layer Denial-of-Service (DoS) attacks.
Service overload attacks occur when one or more entities infiltrate or saturate one or more resources (e.g., memory, CPU) for the purpose of making one or more sets of data associated with such resources unavailable to legitimate users. For example, in an application layer DoS attack, a first user may over-utilize a service feature (e.g., load up a virtual shopping cart with thousands of items and perpetually refresh that cart). This over-utilization can cause various resource consumption problems, such as database lockouts, crashes, processing delay, etc. Such over-utilization makes it difficult or impossible for genuine users to connect with or access particular data.
Another example of a service overload attack is the Distributed Denial-of-Service (DDoS) attack. A DDoS attack is similar to a DoS attack, except that a user device recruits various other user devices (i.e., a botnet) to each simultaneously infiltrate the target resource(s). Under this method, the user succeeds in making other users download malware, such as through phishing, and at a particular time the devices in the botnet send their respective requests at the same time or at substantially the same time in order to flood the target resource(s). This causes the target system to slow down, crash, or shut down, thereby denying service to legitimate users.